IT Security Guru

Microsoft to release eight patches next week, but nothing for TIFF vulnerability

by The Gurus
November 22, 2013
in Editor's News

Microsoft will release eight bulletins next week, including three critical-rated patches for vulnerabilities in Internet Explorer and Microsoft Windows.

Tyler Reguly, technical manager of IT security research and development at Tripwire, said: “It’s a pretty typical patch Tuesday, Internet Explorer, Windows, and Office patches. This month shows that new Microsoft software isn’t immune to flaws — Office 2013, IE 11, and Windows 8.1 will all receive patches on Tuesday.”
Wolfgang Kandek, CTO of Qualys, said that the focus should be on patching the critical update for Internet Explorer. “Addressing browser vulnerabilities on a fast schedule has become increasingly important as more and more of our time online is spent accessing the Internet and running applications through the browser,” he said.
“All of the critical bulletins and one of the important bulletins result in a remote code execution and should be prioritised higher. The rest of the important bulletins result in the elevation of privileges or a denial of service condition.”
Ross Barrett, senior manager security engineering at Rapid7, said: “For the first time in a few months, this is a relatively straightforward Patch Tuesday, with fixes for most Windows versions, the ever-present IE roll up patch, and some Office components, but nothing esoteric or difficult to patch. No SharePoint plug-ins, no complicated .NET patching, no esoteric Office extensions.
“Of this month’s advisories, the three critical are bulletins 1, 2, and 3, which affect IE and most Windows versions. Bulletin 2 affects all supported Windows versions and requires a restart, so it’s definitely a common and loaded component. All of these will be top patching priorities. Beyond that, bulletins 4 and 5 allow remote code execution and elevation of privilege respectively, but are not listed as critical and are probably thought to be harder to exploit than some others. Bulletins 6, 7, and 8 are information disclosure and denial of service, so if organisations have to choose, these are lower priority.”
However, the current zero-day vulnerability in Office will not be patched this time. Dustin Childs, group manager of response communications at Microsoft Trustworthy Computing, said that it was only aware of targeted attacks against Office 2007 where Windows XP was used.
Kandek said: “The zero-day is detailed in security advisory KB2896666 as a vulnerability in the TIFF graphics format parser and informs that it is seeing limited attacks in the Middle East and South Asia. The observed attacks are through Microsoft Word documents and the vulnerability is present in Microsoft Office 2003, 2007 and 2010. Microsoft has provided a Fix-It that turns off TIFF rendering in the affected graphics library, which should have no impact if you are not working with TIFF format files on a regular basis.”